Issue 1 in jsslutils: PKIX path building failed:unable to find valid certification path to request


codesite...@google.com

Apr 30, 2009, 7:05:49 AM
to jsslut...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 1 by vamseedeep: PKIX path building failed:unable to find valid
certification path to request
http://code.google.com/p/jsslutils/issues/detail?id=1

I am using the attached client program to get the certificate from the
server. This client program gets and stores trusted entries in my
trustStore, but the client fails when sending a request to the server. The
exception it throws is: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target

Case 1:
If I place the original trustStore (cacerts, which Java provides) and do
the following:
1. I try to connect to server1; it connects properly.
2. If I try to connect to server2, it fails to connect.
3. If I stop and start the JVM (my app), both servers connect.

Case 2:
If I place the original trustStore (cacerts, which Java provides) and do
the following:
1. I try to connect to server2; it connects properly.
2. If I try to connect to server1, it fails to connect.
3. If I stop and start the JVM (my app), both servers connect.

In both cases certificate entries are getting stored properly and if I
restart my application, I am able to connect to both the servers.

Please provide your views on why I am getting the exception when I try to
connect to the second server in both of the above cases. Why is the JVM not
recognizing the second server's certificate? Why does the JVM recognize
the certificate only if I restart the application? (My requirement is
that I should not restart the application.)

Thanks In Advance,
Vamsee.

Attachments:
query.doc 33.0 KB


codesite...@google.com

Apr 30, 2009, 7:09:50 AM
to jsslut...@googlegroups.com

Comment #1 on issue 1 by vamseedeep: PKIX path building failed:unable to
find valid certification path to request
http://code.google.com/p/jsslutils/issues/detail?id=1

It looks like SSLContexts are singletons per protocol, so my client is
reusing the same one, which already has a TrustManager that has already
loaded the contents of 'cacerts' as they were before I added the
certificate.

Is there any way to reinitialize the SSLContext with the updated trustStore
in the same JVM?

codesite...@google.com

May 5, 2009, 6:59:03 AM
to jsslut...@googlegroups.com
Updates:
Status: Invalid

Comment #2 on issue 1 by Bruno.Ha...@manchester.ac.uk: PKIX path building
failed:unable to find valid certification path to request
http://code.google.com/p/jsslutils/issues/detail?id=1

The code in your document doesn't seem to make any reference to jSSLutils;
it's using the Java API directly. I'd suggest going to Java forums directly
if you want some help with Java and JSSE. By the way, Word documents are
not the best way to put code samples.

From what I can see in this document, your SavingTrustManager accepts
anything (to make the validation fail, it would have to throw an
exception). I'm not sure I would save the new trusted certificates in the
default trust stores. I also suspect there might be something wrong when
the trust store is saved in your example, this would explain the issue not
showing up when restarting the JVM.
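
Added example, not part of the original thread and not jSSLutils code: one way to pick up an updated trust store in a running JVM is to build a new SSLContext from the reloaded KeyStore and use its socket factory for new connections, rather than the default context. The class name, the command-line arguments (store path, password, URL) and the use of an application-owned store file instead of cacerts are assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; illustrates reloading a trust store without a JVM restart.
public class ReloadTrustStore {

    // Build a fresh SSLContext whose trust managers reflect the store file
    // as it is on disk right now.
    static SSLContext contextFrom(Path storePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(storePath)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // trust anchors are taken from ks at this point
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null key managers: no client certificate; null SecureRandom: provider default
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        Path store = Paths.get(args[0]);   // assumption: application-owned trust store file
        char[] password = args[1].toCharArray();
        URL url = new URL(args[2]);        // assumption: https URL of the server to reach

        SSLContext ctx = contextFrom(store, password);
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Use the new context for this connection only; the JVM default is untouched.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP status: " + conn.getResponseCode());
    }
}
```

A context built this way validates the server chain normally, so a certificate that is not in the store still fails the handshake. Call `contextFrom` again after each change to the store file, since a context only sees the entries present when it was built.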
